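<?php
include_once("sessionmanager.php");
// initSession() is provided by sessionmanager.php (not visible in this file).
initSession();

// Guard 1 - authenticated session bound to this installation.
// The request is refused with the "timeout" error page when the session is not
// flagged as logged in, carries no server URL, or the stored server URL does not
// occur in host + script path of the current request.
// NOTE(review): HTTP_HOST comes from the request's Host header and the test is a
// substring match, so this binds the session to the installation only loosely.
if (empty($_SESSION['s_loggedin']) || !isset($_SESSION['s_serverurl']) || (strpos($_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'],$_SESSION['s_serverurl']) === false)) {
	$error_page_code = "timeout";
	include "errorpage.php";
	exit();
}

// Guard 2 - viewer accounts may not edit the profile or change passwords.
// !empty() reads the flag without raising an undefined-index notice.
// NOTE(review): a session without the s_isviewer key is treated as a full account
// (as before); confirm the login code always sets this flag.
if (!empty($_SESSION['s_isviewer'])) {
	$error_page_code = "permission";
	include "errorpage.php";
	exit();
}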

include "config.php";
include "languages.php";
include_once "functions.inc.php";
include "attributes.php";

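makeheader(PW_TITLE);

// Open the connection that every query on this page relies on and stop if either
// step fails, instead of letting a later query fail on a missing connection.
// The driver message goes to the server log only: it can name hosts, accounts and
// schema objects that should not be shown to the browser.
// NOTE(review): the mysql_* extension was removed in PHP 7.0; moving to mysqli or
// PDO with prepared statements is the long-term fix for this page.
if (!mysql_connect($dbhost,$dbusername,$dbpassword) || !mysql_select_db($dbname)) {
	error_log("database connection failed: ".mysql_error());
	die("Database error.");
}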

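// Profile / password update handler.
// Runs only when the old password field was posted and the e-mail field consists
// entirely of address-shaped text (the regex strips every match; nothing may remain).
// The e-mail itself is validated but not written by the UPDATE below.
if (isset($_POST['oldpass']) && isset($_POST['email']) && !empty($_POST['email']) && 
	preg_replace("/([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})/","",$_POST['email']) == "") 
{
	// Read each field once as a plain string. Missing or non-string (array) values
	// become "" so they cannot raise notices or reach the string functions below.
	// stripslashes() is applied unconditionally, as this page has always done.
	// NOTE(review): that is only correct with magic_quotes_gpc enabled - confirm.
	$posted = array();
	foreach (array('oldpass','newpass1','newpass2','stylepath','ingameusername','allytag','ogameserver','viewerpass') as $field) {
		$posted[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? stripslashes($_POST[$field]) : "";
	}
	// These stay UNESCAPED: hashing and comparing must see the real input.
	// Escaping happens only at the point where a value enters the SQL text.
	$oldpass = $posted['oldpass'];
	$newpass1 = $posted['newpass1'];
	$newpass2 = $posted['newpass2'];
	$stylepath = $posted['stylepath'];
	$ingameusername = $posted['ingameusername'];
	$allytag = $posted['allytag'];
	$ogameserver = $posted['ogameserver'];
	$viewerpass = $posted['viewerpass'];
	// universe is written into the query without quotes, so it must be a real
	// integer; an empty or non-numeric submission becomes 0 instead of broken SQL.
	$universe = (isset($_POST['universe']) && is_string($_POST['universe'])) ? (int) preg_replace("/[^0-9]/","",$_POST['universe']) : 0;

	// Servers offered by the <select> in the form; enforced here because the value
	// is also copied into the session.
	$allowedServers = array("ogame.com.cn","ogame.org","ogame.tw");

	// An empty new-password field means "keep the current password".
	$changePassword = !empty($newpass1);
	// The password the account will have once this request is applied.
	$effectivePass = $changePassword ? $newpass1 : $oldpass;

	// NOTE(review): passwords are stored as unsalted MD5. Moving to
	// password_hash()/password_verify() needs a coordinated change in the login code.
	// Strict comparison: with == / != two different hashes that both look like
	// "0e<digits>" compare as equal numbers.
	if (empty($oldpass) || !isset($_SESSION['s_userpass']) || md5($oldpass) !== (string) $_SESSION['s_userpass']) {
		echo "<div align=\"center\" class=\"failure\">".PW_ERROR."</div>";
	} elseif (!in_array($ogameserver, $allowedServers, true)) {
		// USER_ERROR1 is this form's existing validation-failure message.
		echo '<div align="center" class="failure">'.USER_ERROR1.'</div>';
	} elseif ($effectivePass === $viewerpass) {
		// The viewer password must never equal the account password.
		echo "<div align=\"center\" class=\"failure\">".PW_VIEWER_UNSECURE."</div>";
	} elseif ($changePassword && $newpass1 !== $newpass2) {
		echo "<div align=\"center\" class=\"failure\">".PW_MISMATCH."</div>";
	} else {
		// mysql_real_escape_string() honours the connection character set, which
		// mysql_escape_string() does not.
		// NOTE(review): the viewer password is stored in clear text.
		$assignments = "stylepath='".mysql_real_escape_string($stylepath)."',"
			."ingame='".mysql_real_escape_string($ingameusername)."',"
			."allytag='".mysql_real_escape_string($allytag)."',"
			."universe=".$universe.","
			."ogameserver='".mysql_real_escape_string($ogameserver)."',"
			."viewerpass='".mysql_real_escape_string($viewerpass)."'";
		if ($changePassword) {
			// Hash in PHP so the clear-text password never appears in the query
			// text, and so the database and the session hold the same hash.
			$assignments = "userpass='".md5($newpass1)."',".$assignments;
		}
		// The old-password hash in the WHERE clause re-checks the credential
		// against the database row itself, not only against the session copy.
		$query = "UPDATE $utablename SET ".$assignments
			." WHERE id='".mysql_real_escape_string($_SESSION['s_userid'])."' AND userpass='".md5($oldpass)."'";
		if (!mysql_query($query)) {
			// Log the driver message; do not echo SQL error text to the browser.
			error_log("profile update failed: ".mysql_error());
			die("Database error.");
		}
		$_SESSION['s_ogameserver'] = $ogameserver;
		if ($changePassword) {
			$_SESSION['s_userpass'] = md5($newpass1);
		}
		echo "<div align=\"center\" class=\"success\">".PW_DONE."</div>";
	}
} elseif (isset($_POST['email'])) {
	echo '<div align="center" class="failure">'.USER_ERROR1.'</div>';
}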

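// Load the stored profile values (style path and the other fields) that pre-fill
// the form below. The session user id is escaped before it enters the SQL text.
$query = "SELECT stylepath,email,allytag,ingame,universe,ogameserver,viewerpass FROM $utablename WHERE id='".mysql_real_escape_string($_SESSION['s_userid'])."'";
$res = mysql_query($query);
if (!$res) {
	// Log the driver message; do not echo SQL error text to the browser.
	error_log("profile lookup failed: ".mysql_error());
	die("Database error.");
}
$line = mysql_fetch_object($res);
if (!$line) {
	// No row for this id: render an empty form instead of reading properties
	// of a non-object.
	$line = (object) array('stylepath' => "", 'email' => "", 'ingame' => "", 'allytag' => "", 'universe' => "", 'ogameserver' => "", 'viewerpass' => "");
}
$stylepath = $line->stylepath;
$email = $line->email;
$ingameusername = $line->ingame;
$allytag = $line->allytag;
$universe = $line->universe;
$ogameserver = $line->ogameserver;
$viewerpass = $line->viewerpass;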
?>
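<?php
// Profile form. Every dynamic value is passed through htmlspecialchars() with
// ENT_QUOTES before it is written into an attribute, so a stored value or a crafted
// request path containing quotes or angle brackets cannot break out of the markup.
// This covers PHP_SELF (which reflects the requested URL path) and all profile
// fields read from the database.
// NOTE(review): no charset argument is given, so the PHP default applies; pass the
// site's page encoding explicitly once it is confirmed.
// NOTE(review): the viewer password is shown, and therefore stored, in clear text.
?>
<form name="usermangagement" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" >
<table cellpadding="1" cellspacing="0" border="0" align="center" width="90%"><tr><td>
<table cellpadding="4" cellspacing="0" border="0" width="100%">
<tr class="tblhead"><td colspan="2"><?php echo PW_TITLE; ?></td></tr>
<tr class="firstcolor">
    <td><?php echo OLD_PASSWORD; ?>:</td>
    <td><input class="textfield" name="oldpass" type="password" size="20" maxlength="20" /></td>
</tr>
<tr class="firstcolor">
    <td><?php echo NEW_PASSWORD; ?>:</td>
    <td><input class="textfield" name="newpass1" type="password" size="20" maxlength="20" /></td>
</tr>
<tr class="firstcolor">
    <td><?php echo CONFIRM_NEW_PASSWORD; ?>:</td>
    <td><input class="textfield" name="newpass2" type="password" size="20" maxlength="20" /></td>
</tr>
<tr class="firstcolor"><td><?php echo USER_VIEWERPASS; ?>:</td>
<td><input class="textfield" name="viewerpass" type="text" value="<?php echo htmlspecialchars($viewerpass, ENT_QUOTES); ?>" size="40" maxlength="20" /></td>
</tr>
<tr class="firstcolor"><td><?php echo USER_INGAME; ?>:</td>
<td><input class="textfield" name="ingameusername" type="text" value="<?php echo htmlspecialchars($ingameusername, ENT_QUOTES); ?>" size="40" maxlength="20" /></td>
</tr>
<tr class="firstcolor"><td><?php echo USER_ALLYTAG; ?>:</td>
<td><input class="textfield" name="allytag" type="text" value="<?php echo htmlspecialchars($allytag, ENT_QUOTES); ?>" size="40" maxlength="10" /></td>
</tr>
<tr class="firstcolor"><td><?php echo USER_UNIVERSE; ?>:</td>
<td><input class="textfield" name="universe" type="text" value="<?php echo htmlspecialchars($universe, ENT_QUOTES); ?>" size="40" maxlength="2" /></td>
</tr>
<tr class="firstcolor"><td><?php echo USER_OGAMESERVER; ?>:</td>
<td><select name="ogameserver" class="textfield"><option <?php echo ($ogameserver=="ogame.com.cn"?"selected":""); ?>>ogame.com.cn</option><option <?php echo ($ogameserver=="ogame.org"?"selected":""); ?>>ogame.org</option><option <?php echo ($ogameserver=="ogame.tw"?"selected":""); ?>>ogame.tw</option></select></td>
</tr>
<tr class="firstcolor" style="display:none;"><td><?php echo USER_STYLEPATH; ?>:</td>
<td><input class="textfield" name="stylepath" type="hidden" value="<?php echo htmlspecialchars($stylepath, ENT_QUOTES); ?>" size="40" maxlength="255" /></td>
</tr>
<tr class="firstcolor"><td><?php echo USER_EMAIL; ?>:</td>
<td><input readonly class="textfield" name="email" type="text" value="<?php echo htmlspecialchars($email, ENT_QUOTES); ?>" size="40" maxlength="255" /></td>
</tr>
<tr class="firstcolor" valign="top">
	      	<td align="right"><input class="button" type="submit" name="<?php echo USER_SUBMIT; ?>" value="<?php echo USER_SUBMIT; ?>" /></td>
	      	<td><input class="button" type="reset" name="<?php echo USER_RESET; ?>" value="<?php echo USER_RESET; ?>" /></td>
</tr></table>
</td></tr>
</table>
</form>
<?php
makefooter();
?>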
